Blog :: Configuration

Cisco 3750X 3KX NetFlow support for dot1qPriority (CoS)

Prioritizing traffic on the network has seen several approaches.  It has been implemented at layer 2, layer 4 and as of late with the introduction of Cisco Application Visibility and Control (AVC) at layer 7. For those consumers who aren’t ready to roll out AVC or even traffic prioritization at layer 4, you might want to take a look at prioritization at layer 2.

Cisco 3750X NetFlow

I got my inspiration for this post when I was looking at the NetFlow templates from our Cisco 3750X with the 3KX module.  As I perused the different elements being exported by this little beast, I came across an element named dot1qPriority. I did some searching around and found that dot1qPriority is the 3-bit User Priority portion of the Tag Control Information field of an Ethernet frame.  The structure and semantics within the Tag Control Information field are defined in 802.1Q .


IEEE 802.1Q is the networking standard that supports Virtual LANs and defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches.

NOTE: 802.1Q does not actually encapsulate the original frame, it adds a 32-bit field between the source MAC address and the EtherType/Length fields of the original frame. Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI). The TCI field is further divided into PCP, DEI, and VID.

Cisco 3750X NetFlow


The dot1qPriority comes into play around the PCP shown above. This is a 3-bit field which refers to the IEEE 802.1p priority.  Values are from 0 (best effort) to 7 (highest); 1 represents the lowest priority. These values can be used to prioritize different classes of traffic (voice, video, data, etc.) or Class of Service or CoS.

Class of Service

The CoS field specifies a priority value between 0 and 7, more commonly known as CS0 through CS7, that can be used by quality of service (QoS) disciplines to differentiate and shape/police network traffic. CoS operates only on 802.1Q VLAN Ethernet at the data link layer (layer 2), while other QoS mechanisms (such as DiffServ, also known as DSCP) operate at the IP network layer (layer 3) or use a local QoS tagging system that does not modify the actual packet, such as Cisco’s “QoS-Group”.

If you are looking for a NetFlow report on Class of Service or dot1qPriority element from your Cisco 3750X , we can build the reports for you.

3750X Class of Service

The above is a conceptual mock up that we haven’t implemented yet due to lack of demand.  We haven’t found an element yet that we can build a report on.    Building reports in our NetFlow Analyzer is easy with the report designer.  All we need is a customer request and we can help you generate exactly the report you need.